How to Add Linux User With Document Root Permissions

Article ID: 1259

Last updated on October 9, 2012

Authored by: Rackspace Support

This article will walk you through setting up a Linux user with read and write permissions for your web document root, usually the /var/www/ directory. Connecting with this user via SFTP will let you upload your website content directly to the /var/www/your/site/folder.

For the purposes of this example we'll use an account named "demo". Be sure to replace "demo" in the examples with your preferred name.

These commands require superuser privileges, so the examples assume you are running them from an account that can use sudo.

Getting the group and directory

We'll need to know the group the web server process runs under as well as the location of your web server's document root. This information can usually be found in the web server's config file (such as httpd.conf or apache2.conf for Apache).

We've listed the default values for the Apache web server on some Linux distributions below.

CentOS, Fedora, and RHEL

On Red Hat-based systems Apache runs under the group "apache" with a document root of "/var/www/html".

Ubuntu and Debian

On Debian-based systems Apache runs under the group "www-data" with a document root of "/var/www".

Create or modify a user

Now we can either create a new user or modify an existing user for our purposes.

Creating a new user

If we're creating a new user, we'll want it to be in the same group as the web server with its home directory set to your document root.

Remember to change the values to match your web server's settings and the username you're using.

On CentOS, Fedora, or RHEL, the command to create the user would look like this:

sudo useradd -d /var/www/html -G apache demo

On Ubuntu or Debian systems you would use different values:

sudo useradd -d /var/www -G www-data demo

Once the user is created you'll need to set its password as well.

sudo passwd demo

You can now skip to the section on changing the document root to be group-writable.

Modifying an existing user

If you want to modify an existing user you'll need to add it to the group used by your web server.

On CentOS, Fedora, or RHEL, the command would look like this:

sudo usermod -a -G apache demo

And on Ubuntu or Debian it might look like:

sudo usermod -a -G www-data demo

If you want to change the account to use the document root as its home directory you can do that too.

On CentOS, Fedora, or RHEL you would run:

sudo usermod -d /var/www/html demo

And on Ubuntu or Debian:

sudo usermod -d /var/www demo

Changing the document root permissions

Now we'll change the document root so it and its contents are in the same group as the web server.

Setting the group

On CentOS, Fedora, or RHEL run:

sudo chgrp -R apache /var/www/html

And on Ubuntu or Debian:

sudo chgrp -R www-data /var/www

Setting the permissions

Next we make the document root group-writable, but we'll also want to set the "setgid" permission on the document root directory itself. The setgid permission will ensure that new files created in the document root will inherit the group ID from their parent directory.

On CentOS, Fedora, or RHEL you can set the right permissions with the commands:

sudo chmod -R g+w /var/www/html
sudo chmod g+s /var/www/html

The Ubuntu and Debian versions of the commands would be:

sudo chmod -R g+w /var/www
sudo chmod g+s /var/www

Connect and test

Now you can connect to your server via SFTP with the user account you created or modified. Try uploading a file to make sure the permissions were set correctly. If you get a "permission denied" error, run "ls -la" in the document root to check the directory permissions.
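
The "ls -la" check above only shows one directory, so here is a read-only audit of the whole tree as an added example (not part of the original article). It reports paths with the wrong group, paths missing the group write bit, directories without setgid (including subdirectories that already existed when "chmod g+s" was run on the document root only), and world-writable paths. The function names audit_docroot and _report are hypothetical, and the script assumes standard find and sed.

```shell
#!/bin/sh
# Added example (not from the original article): audit a document root
# after the chgrp/chmod steps. Read-only; changes nothing on disk.
# Usage: audit_docroot DOCROOT GROUP     e.g. audit_docroot /var/www www-data
# Returns 0 if clean, 1 if findings were printed, 2 if find itself failed.

# Helper: print every non-symlink path under $root matching a find
# expression, prefixed with a label. Uses the globals root and findings.
_report() {
    label=$1; shift
    if ! out=$(find "$root" ! -type l "$@" -print); then
        findings=2
        return 0
    fi
    if [ -n "$out" ]; then
        printf '%s\n' "$out" | sed "s|^|$label: |"
        if [ "$findings" -eq 0 ]; then findings=1; fi
    fi
    return 0
}

audit_docroot() {
    root=$1; group=$2; findings=0

    # Paths the recursive chgrp missed, or that were created later in a
    # directory without setgid and so got the uploader's primary group.
    _report "wrong-group" ! -group "$group"

    # Paths missing the group write bit that "chmod -R g+w" sets.
    _report "not-group-writable" ! -perm -020

    # Directories without setgid: files created here will NOT inherit the
    # directory's group. "chmod g+s DOCROOT" only covers the top directory;
    # subdirectories that already existed are reported here.
    _report "dir-no-setgid" -type d ! -perm -2000

    # World-writable paths: any local account could modify served content.
    _report "world-writable" -perm -002

    return "$findings"
}
```

Source the file and call, for example, audit_docroot /var/www www-data; run it with sudo if parts of the tree are not readable by your account.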